If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Hybrid View

Safari and extreme caching...

I'm testing a site with new security in place that works great in IE, Firefox, and Chrome. However, Safari is a whole "nuther" thing. I assume the Mac side is behaving the same as the windows version, but simple javascript like "history.go(1);" is ignored, as is (for the most part) cookie settings in Safari.

I have an app that people need to login to, but before they do cookies are required from the browser (I'm using session vars), then when they logout, I clear/destroy the session, and finally lead them to a logout successful page and drop the history.go(1) on the page before, so you can't go back and review previous secure sessions. Works great as I mentioned for IE, FF, and Chrome. (Haven't tried Opera yet)

*IF*, and only if, I "reset" the safari browser, and test with cookies off, it will behave properly, and acknowledge the site as designed and the user is reminded to "enable" their cookies before logging in. When done enabling, they are to click on a link to retry (retests for cookies) logging. That actually doesn't work (safari has already hard cached this page), but "refreshing" the browser does work and it realizes cookies are back on, and the login page shows correctly. I can then login and run normally, until... I logout. After logging out, as I mentioned above (despite the history.go(1), they can freely browse back through the entire previous secure session with ease. Not good manners, I say.

To make it worse, if I then go back in, clear the cache, and re-disable cookies in safari (to retest), I can login as if cookies are actually enabled. And all my session logic testing at every page that is secure is ignored. I'm able to surf the entire site (new pages included), as if the cookies are on. WTF?

It appears the only thing that you can count on from safari is a clean new browser session that has been "reset."

Here's a previous thread that had a great idea by randomizing the the login url, which I may try. It still doesn't solve the history back issue though.